Skip to content

Authenticated Remote Code Execution

High
gruberroland published GHSA-fm9w-7m7v-wxqv Mar 16, 2024

Package

ldap-account-manager (none)

Affected versions

< 8.7

Patched versions

8.7

Description

Impact

LAM's log configuration allows to specify arbitrary paths for log files. An attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed.

The issue is mitigated by the following:

  • an attacker needs to know LAM's master configuration password to be able to change the main settings
  • The webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories.

Patches

The issue has been fixed in 8.7.

Workarounds

Limit access to LAM configuration pages to authorized users.

Severity

High
7.9
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
High
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
High
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:H

CVE ID

CVE-2024-23333

Weaknesses

No CWEs

Credits